Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiManager 7.2.2 CLI Reference
    7.2.2
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.8
    5.6.7
    5.6.7
    5.6.6
    5.6.6
    5.6.5
    5.6.5
    5.6.4
    5.6.4
    5.6.3
    5.6.3
    5.6.2
    5.6.2
    5.6.1
    5.6.1
    5.6.0
    5.6.0
    5.4.7
    5.4.6
    5.4.6
    5.4.5
    5.4.5
    5.4.4
    5.4.4
    5.4.3
    5.4.3
    5.4.2
    5.4.2
    5.4.1
    5.4.1
    5.4.0
    5.4.0
    5.2.10
    5.2.9
    5.2.9
    5.2.7
    5.2.7
    5.2.6
    5.2.6
    5.2.4
    5.2.4
    5.2.3
    5.2.3
    5.2.2
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.12
    5.0.11
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.8
    4.3.7
    4.3.6
    4.3.5
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.0
    4.0.0

    certificate

    certificate

    Use these commands to manage certificates.

    certificate ca

    Use these commands to list CA certificates, and to import or export CA certificates.

    Syntax

    To list the CA certificates installed on the FortiManager unit:

    execute certificate ca list

    To export or import CA certificates:

    execute certificate ca export <cert_name> <tftp_ip>

    execute certificate ca import <filename> <tftp_ip> <cert_name>

    Variable

    Description

    list

    Generate a list of CA certificates on the FortiManager system.

    <export>

    Export CA certificate to TFTP server.

    <import>

    Import CA certificate from a TFTP server.

    <cert_name>

    Name of the certificate.

    <tftp_ip>

    IP address of the TFTP server.

    <filename>

    File name on the TFTP server.

    certificate crl

    Use this command to import CRL certificate from a TFTP server.

    Syntax

    execute certificate crl import <filename> <tftp_ip> <cert_name>

    certificate local

    Use these commands to list, import, or export local certificates, and to generate a certificate request

    Syntax

    execute certificate local export <cert_name> <tftp_ip>

    execute certificate local import <filename> <tftp_ip> <cert_name>

    execute certificate local import-pkcs12 {ftp | scp | sftp} <ip:port> <filename> <username> <password> <password> <name>

    execute certificate local generate <certificate-name-string> <subject> <number> [<optional_information>]

    execute certificate local list

    Variable

    Description

    export <cert_name> <tftp_ip>

    Export a certificate or request to a TFTP server.

    • cert_name - Name of the certificate.
    • tftp_ip - IP address of the TFTP server.

    import <filename> <tftp_ip> <cert_name>

    Import a signed certificate from a TFTP server.

    import-pkcs12 {ftp | scp | sftp} <ip:port> <filename> <username> <password> <password> <name>

    Import a certificate and private key from a PKCS#12 file.

    • ftp, scp, sftp - The type of server the file will be imported from.
    • ip:port - The server IP address and, optional, the port number.
    • filename - The path and file name on the server.
    • username - The user name on the server.
    • password - The user password.
    • password - The file password.
    • name - The certificate name.

    generate <certificate-name_str> <subject> <number> [<optional_information>]

    Generate a certificate request.

    • certificate-name-string - Enter a name for the certificate. The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and the special characters - and _. Other special characters and spaces are not allowed.
    • number - The size, in bits, of the encryption key, 512, 1024, 1536, or 2048.
    • subject - Enter one of the following pieces of information to identify the FortiManager unit being certified:
      • The FortiManager unit IP address
      • The fully qualified domain name of the FortiManager unit
      • An email address that identifies the FortiManager unit
      • An IP address or domain name is preferable to an email address.
    • optional_information - Enter optional_information as required to further identify the unit. See Optional information variables for more information.

    list

    Generate a list of CA certificates and requests that are on the FortiManager system.
    Optional information variables

    You must enter the optional variables in the order that they are listed in the table. To enter any optional variable you must enter all of the variables that come before it in the list.

    For example, to enter the organization_name_str, you must first enter the country_code_str, state_name_str, and city_name_str.

    While entering optional variables, you can type ? for help on the next required variable.

    Variable

    Description

    <country_code_str>

    Enter the two-character country code.

    <state_name_str>

    Enter the name of the state or province where the FortiManager unit is located.

    <city_name_str>

    Enter the name of the city, or town, where the person or organization certifying the FortiManager unit resides.

    <organization-name_str>

    Enter the name of the organization that is requesting the certificate for the FortiManager unit.

    <organization-unit_name_str>

    Enter a name that identifies the department or unit within the organization that is requesting the certificate for the FortiManager unit.

    <email_address_str>

    Enter a contact email address for the FortiManager unit.

    <ca_server_url>

    Enter the URL of the CA (SCEP) certificate server that allows auto-signing of the request.

    <challenge_password>

    Enter the challenge password for the SCEP certificate server.

    certificate remote

    Use these commands to list, import, or export remote certificates.

    Syntax

    To list the remote certificates installed on the FortiManager unit:

    execute certificate remote list

    To export or import remote certificates:

    execute certificate remote {<export>|<import>} <cert_name> <tftp_ip>

    Variable

    Description

    list

    Generate a list of remote certificates on the FortiManager system.

    <export>

    Export the certificate to TFTP server.

    <import>

    Import the certificate from a TFTP server.

    <cert_name>

    Name of the certificate.

    <tftp_ip>

    IP address of the TFTP server.
    Previous
    Next

    certificate

    certificate

    Use these commands to manage certificates.

    certificate ca

    Use these commands to list CA certificates, and to import or export CA certificates.

    Syntax

    To list the CA certificates installed on the FortiManager unit:

    execute certificate ca list

    To export or import CA certificates:

    execute certificate ca export <cert_name> <tftp_ip>

    execute certificate ca import <filename> <tftp_ip> <cert_name>

    Variable

    Description

    list

    Generate a list of CA certificates on the FortiManager system.

    <export>

    Export CA certificate to TFTP server.

    <import>

    Import CA certificate from a TFTP server.

    <cert_name>

    Name of the certificate.

    <tftp_ip>

    IP address of the TFTP server.

    <filename>

    File name on the TFTP server.

    certificate crl

    Use this command to import CRL certificate from a TFTP server.

    Syntax

    execute certificate crl import <filename> <tftp_ip> <cert_name>

    certificate local

    Use these commands to list, import, or export local certificates, and to generate a certificate request

    Syntax

    execute certificate local export <cert_name> <tftp_ip>

    execute certificate local import <filename> <tftp_ip> <cert_name>

    execute certificate local import-pkcs12 {ftp | scp | sftp} <ip:port> <filename> <username> <password> <password> <name>

    execute certificate local generate <certificate-name-string> <subject> <number> [<optional_information>]

    execute certificate local list

    Variable

    Description

    export <cert_name> <tftp_ip>

    Export a certificate or request to a TFTP server.

    • cert_name - Name of the certificate.
    • tftp_ip - IP address of the TFTP server.

    import <filename> <tftp_ip> <cert_name>

    Import a signed certificate from a TFTP server.

    import-pkcs12 {ftp | scp | sftp} <ip:port> <filename> <username> <password> <password> <name>

    Import a certificate and private key from a PKCS#12 file.

    • ftp, scp, sftp - The type of server the file will be imported from.
    • ip:port - The server IP address and, optional, the port number.
    • filename - The path and file name on the server.
    • username - The user name on the server.
    • password - The user password.
    • password - The file password.
    • name - The certificate name.

    generate <certificate-name_str> <subject> <number> [<optional_information>]

    Generate a certificate request.

    • certificate-name-string - Enter a name for the certificate. The name can contain numbers (0-9), uppercase and lowercase letters (A-Z, a-z), and the special characters - and _. Other special characters and spaces are not allowed.
    • number - The size, in bits, of the encryption key, 512, 1024, 1536, or 2048.
    • subject - Enter one of the following pieces of information to identify the FortiManager unit being certified:
      • The FortiManager unit IP address
      • The fully qualified domain name of the FortiManager unit
      • An email address that identifies the FortiManager unit
      • An IP address or domain name is preferable to an email address.
    • optional_information - Enter optional_information as required to further identify the unit. See Optional information variables for more information.

    list

    Generate a list of CA certificates and requests that are on the FortiManager system.
    Optional information variables

    You must enter the optional variables in the order that they are listed in the table. To enter any optional variable you must enter all of the variables that come before it in the list.

    For example, to enter the organization_name_str, you must first enter the country_code_str, state_name_str, and city_name_str.

    While entering optional variables, you can type ? for help on the next required variable.

    Variable

    Description

    <country_code_str>

    Enter the two-character country code.

    <state_name_str>

    Enter the name of the state or province where the FortiManager unit is located.

    <city_name_str>

    Enter the name of the city, or town, where the person or organization certifying the FortiManager unit resides.

    <organization-name_str>

    Enter the name of the organization that is requesting the certificate for the FortiManager unit.

    <organization-unit_name_str>

    Enter a name that identifies the department or unit within the organization that is requesting the certificate for the FortiManager unit.

    <email_address_str>

    Enter a contact email address for the FortiManager unit.

    <ca_server_url>

    Enter the URL of the CA (SCEP) certificate server that allows auto-signing of the request.

    <challenge_password>

    Enter the challenge password for the SCEP certificate server.

    certificate remote

    Use these commands to list, import, or export remote certificates.

    Syntax

    To list the remote certificates installed on the FortiManager unit:

    execute certificate remote list

    To export or import remote certificates:

    execute certificate remote {<export>|<import>} <cert_name> <tftp_ip>

    Variable

    Description

    list

    Generate a list of remote certificates on the FortiManager system.

    <export>

    Export the certificate to TFTP server.

    <import>

    Import the certificate from a TFTP server.

    <cert_name>

    Name of the certificate.

    <tftp_ip>

    IP address of the TFTP server.
    Previous
    Next